Time and State
Category ID: 361 (Category)
Status: Incomplete
Description

Description Summary

Weaknesses in this category are related to the improper management of time and state in an environment that supports simultaneous or near-simultaneous computation by multiple systems, processes, or threads.

Extended Description

Distributed computation is about time and state. That is, in order for more than one component to communicate, state must be shared, and all that takes time. Most programmers anthropomorphize their work. They think about one thread of control carrying out the entire program in the same way they would if they had to do the job themselves. Modern computers, however, switch between tasks very quickly, and in multi-core, multi-CPU, or distributed systems, two events may take place at exactly the same time. Defects rush to fill the gap between the programmer's model of how a program executes and what happens in reality. These defects are related to unexpected interactions between threads, processes, time, and information. These interactions happen through shared state: semaphores, variables, the file system, and, basically, anything that can store information.

Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 18 | Source Code | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 362 | Race Condition | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 364 | Signal Handler Race Condition | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Category | 371 | State Issues | Development Concepts (primary) 699 |
| ParentOf | Category | 376 | Temporary File Issues | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 377 | Insecure Temporary File | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Category | 380 | Technology-Specific Time and State Issues | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 382 | J2EE Bad Practices: Use of System.exit() | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Variant | 383 | J2EE Bad Practices: Direct Use of Threads | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Compound Element: Composite | 384 | Session Fixation | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 385 | Covert Timing Channel | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 386 | Symbolic Name not Mapping to Correct Object | Development Concepts (primary) 699 |
| ParentOf | Category | 387 | Signal Errors | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 412 | Unrestricted Externally Accessible Lock | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Category | 557 | Concurrency Issues | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 609 | Double-Checked Locking | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 613 | Insufficient Session Expiration | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 662 | Insufficient Synchronization | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 663 | Use of a Non-reentrant Function in an Unsynchronized Context | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 664 | Improper Control of a Resource Through its Lifetime | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 669 | Incorrect Resource Transfer Between Spheres | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 672 | Operation on a Resource after Expiration or Release | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 673 | External Influence of Sphere Definition | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 674 | Uncontrolled Recursion | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 698 | Redirect Without Exit | Development Concepts (primary) 699 |
| MemberOf | View | 700 | Seven Pernicious Kingdoms | Seven Pernicious Kingdoms (primary) 700 |

Taxonomy Mappings

| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| 7 Pernicious Kingdoms | | | Time and State |

Related Attack Patterns (CAPEC Version: 1.4)

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 61 | Session Fixation |

Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | 7 Pernicious Kingdoms | | Externally Mined |

Modifications

| Modification Date | Modifier | Organization | Source | |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy Mappings |
| 2008-10-14 | CWE Content Team | MITRE | Internal | updated Description |